Researchers found two new, separate vulnerabilities in TI (Texas Instruments) CC2640/50 and TI cc2540/1 chips. Both vulnerabilities were named “BleedingBit” and both can be used as exploits in two different attacks.
Wi-Fi access points and other devices that are using Bluetooth Low Energy (BLE) chips made by Texas Instruments are affected by these vulnerabilities that can allow a hacker to hijack the affected device.
The vulnerable TI chips can be found in Wi-Fi access points manufactured by Aruba, Cisco, and Meraki; meaning that nearly 70% of the enterprise WiFi access point on the market are now at risk.
The first vulnerability is identified as CVE-2018-16986, an overflow in the field that stores “advertising packets” sent by devices in the AP’s area to let the AP know that the device is there.
Meaning that if a hacker sends a number of well-formed advertising packets containing code, and then a malformed packet with a “one”, it will result in a stack overflow that will lead to the execution of all that earlier-delivered code.
The delivered code can incorporate any kind of malware threat, for example, it can be a backdoor that will give to hacker complete access to the device. Once a backdoor is in place the hacker can exploit the BLE chip to reach the rest of the network.
The second vulnerability, CVE-2018-7080, have a less area of applicability, affecting only Aruba APs; but this doesn’t mean that is less dangerous, not at all because it can be used to deliver a larger payload in just one single step. CVE-2018-7080 exist because Aruba included an over-the-air download (OAD) feature through BLE as a tool for use in the development process. If the feature is left active in a production system, a hacker can obtain and use the hardcoded password to completely rewrite the AP’s operating system via BLE OAD feature.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Both Cisco and Aruba have issued security bulletins covering the vulnerabilities saying that other devices outside the parameters may well be vulnerable, and might be exploitable with serious consequences.
The existence of this vulnerabilities represents a very dangerous precedent because no one until now has lookt at BLE chip as an entry point for a cyber attack. Now BLE chip can be a very powerful point of entry for a hacker; just imagine the damage that can be done because sometimes your smartwatch and home control, BLE chip can be the only chip on the system, which is easy to exploit. An insulin pump might have only a BLE chip implemented for communication, so gaining access to the chip automatically gives full control over the device and medication, meaning that a hacker can have the user life in his hands.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.
Regular users are the most affected by malware this day because most of them do not care about what antivirus they have installed in their systems.
Users can download antivirus developed by our company directly by clicking the download banner from the end of the page.
Our free download antivirus can help users to protect their Mac or Windows devices against malware and adware.
We offer a free antivirus one day license to all our users who want to test the full power of our antivirus solution.
Our antivirus can detect a vast spectrum of threats, from dangerous malware to nasty browsers extensions used for mining the crypto-currency.
The antivirus our company is offered is a certified product of OPSWAT.
Most of the companies don't care about cybersecurity until they suffer a breach.
A healthy company must perform a penetration test from time to time. The penetration test must execute against all the assets of the company, including the workers who are the most vulnerable to the social engineering attacks.
A penetration test can be done either by a security specialist from inside of the company or by hiring an external cyber security company who can take care of everything.
Besides penetration test, a company must have a minimum healthy cybersecurity system installed like antivirus or firewall.
CyberByte company can perform various penetration tests on all the spectrum of PCI/DSS compliance to the red team, perimeter testing, and social engineering.
We also provide services to employee profiling and cyber threat monitoring, since most of the data breaches this day come from the inside of the company.
To check our penetration test services go to the Services tab from the main menu.
Windows users can download free antivirus solution CyberByte by clicking the banner. The free antivirus will help you to know if your PC is infected. Windows free antivirus of CyberByte is an awarded software for malware detection.
Mac / MacOS / OS X users can download free Mac antivirus solution CyberByte by clicking the banner. The free antivirus will help you to know if your Mac is infected. MacOS / OS X free antivirus of CyberByte is an awarded software for malware detection. The free antivirus for Mac is available for new MacOS and older OS X versions.
Features of CyberByte™ antivirus:
- Protects you from all kind of threats
- CyberByte™ custom detection engine includes Mac and Windows malware protection and detection
- Fastest scanning times in the market
- Crypto Mining rogue extensions/malware detection
- Ransomware detection - don’t negotiate with ransomware cyber terrorists – keep your Mac and Windows safe
- Active live protection from background
- Certified Threat Detector by OPSWAT
- Easy to Install
- Easy to Manage
- Incredible value for money
Invisible, protecting you from behind the scenes - You will not feel it is installed on your computer, easy on the resources, like a protection software should be.
Original technology that combines behavioral heuristic analysis with powerful signatures database – the CyberByte™ Protection Engine delivers top of the line protection in an instant.
Fastest scanning times in the market – your time is precious, but also so is your digital life – CyberByte™ delivers fast scanning saving both time and your valuable data.
Don’t negotiate with ransomware cyber terrorists – keep your Mac safe and don’t ever end up paying for what is already yours.
Protect others as well – the CyberByte™ Protection Engine not only detects the threat but stops it from spreading to other Macs or Windows machines.
Don’t let strangers use your resources – more than 80% of the attacks are crypto mining driven. Are you sure your computer is not mining for crypto while you read this text?
Our malware protection will continuously look after your device providing the best security against viruses. Give us the chance to prove it by downloading the antivirus for your device.
CyberByte Antivirus is a certified product by OPSWAT (OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against
zero-day attacks by using multiple antivirus engine scanning and document sanitization.
To learn more about OPSWAT’s innovative and unique solutions, please visit http://www.opswat.com).
CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The procedure is simple:
Just free download antivirus from CyberByte website either for Mac or Windows.
Install it using the antivirus installer package.
Windows and Mac users will free malware scan their devices. The scan duration depends on how many files the end user has.
CyberByte antivirus will show if any files are infected after the scan is finished.